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(57) Abstract 

This invention relates to methods for controlling and monitoring access to network servers. In particular, the process described in the 
invention includes client-server sessions over the Internet involving hypertext files. In the hypertext environment, a client views a document 
transmitted by a content server with a standard program known as the browser. Each hypertext document or page contains links to other 
hypertext pages which the user may select to traverse. When the user selects a link that Is directed to an access-controlled file, the server 
subjects the request to a secondary server which determines whether the client has an authorization or valid account Upon such verification, 
the user is provided with a session identification which allows the user to access to the requested file as well as any other files within the 
present protection domain. 
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INTERNET SERVER ACCESS CONTROT. AND MONITORING SYSTKM.g 

Reference to Append^ v 

A portion of the disclosure of this patent document 
contains material which is subject to copyright protection. 
The copyright owner has no objection to the facsimile 
reproduction by any one of the patent disclosure, as it 
appears in the Patent and Trademark Office patent files or 
records, but otherwise reserves all copyright rights 
whatsoever. 

Backarc and of the Invention 

The internet, which started in the late 1960s, is a 
vast computer network consisting of many smaller networks 
that span the entire globe. The Internet has grown 
c-..-.^ .•: •.; vialiy, and Millions of . users ranging from 
individuals to corporations now use permanent and dial-up 
connections to use the Internet on a daily basis worldwide. 
The computers or networks of cor??uters conr.nrr: ... ..• ■-v- wne 
Internet, known as "hosts", allow public access to 
databases featuring information in nearly every field of 
expertise and are supported by entities ranging from 
universities and government to many commercial 
organizations. 

The information on the Internet is made available to 
the public through "servers". A server is a system running 
on an Internet host for making available files or documents 
contained within that host. Such files are typically 
stored on magnetic storage devices, such as tape drives or 
fixed disks, local to the host. An Internet server may 
distribute information to any computer that requests the 
files on a host. The computer making such a request is 
known as the "client", which may be an Internet-connected 
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Created in 1991, the Web is based on the concept of 
"hypertext" and a transfer method known as "HTTP" 
(Hypertext Transfer Protocol) . HTTP is designed to run 
primarily over TCP/IP and uses the standard Internet setup, 
where a server issues the data and a client displays or 
processes it. One format for information transfer is to 
create documents using Hypertext Markup Language (HTML) . 
HTML pages are made up of standard text as well as 
formatting codes which indicate how the page should be 
displayed. The Web client, a browser, reads these codes in 
order to display the page. The hypertext conventions and 
related functions of the world wide web are described in 
the appendices of U.S. Patent Application Serial No. 
08/328,133, filed on October 24, 1994, by Payne et al. 
which is incorporated herein by reference. 

Each Web page may contain pi -*r<?r; rv-i noun- 1 - "ir 
auax-'^ci, w-:- text. Hidden behind certain "i -xl, jv : - ■•• -..iu: ox- 
sounds are connections, known as "hypertext 2 inks*" 
("links") , to other pages within the same server or even on 
other computers within the Internet, For example, iinks 
may be visually displayed as words or phrases that may be 
underlined or displayed in a second color* Each link is 
directed to a web page by using a special name called a URL 
(Uniform Resource Locator) . URLs enable a Web browser to 
go directly to any file held on any Web server. A user may 
also specify a known URL by writing it directly into the 
command line on a Web page to jump to another Web page. 

The URL naming system consists of three parts: the 
transfer format, the host name of the machine that holds 
the file, and the path to the file. An example of a URL 
may b :. 



http: //www . college . univ • edu/Adzr/Bdir/Cdir/page • html , 
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private local area networks (LAN) , system administrators 
implement various data-flow control mechanisms, such as the 
Internet "firewalls", within their networks. An Internet 
firewall allows a user to reach the Internet anonymously 
5 while preventing intruders of the outside world from 
accessing the user's LAN. 

Summary. of the Invention 

The present invention relates to methods of processing 
service requests from a client to a server through a 
network. In particular, the present invention is applicable 
to processing client requests in in HTTP (Hypertext 
Transfer Protocol) environment, such as the World-Wide Web 
(Web) . One aspect of the invention involves forwarding a 
service request from the client to the server and appending 
a session identification (SID) to the request and to 
subsequent service requests from the client to the server 
within a session of requests. In a preferred embodiment, 
the present method involves returning the SID from the 
server to the client upon an initial service request made 
by the client. A valid SID may include an authoriEation 
identifier to allow a user to access controlled files. 

In a preferred embodiment, a client request is made 
with a Uniform Resource Locator (URL) from a Web browser. 
Where a client request is directed to a controlled file 
without an SID, the Internet server subjects the client to 
an authorization routine prior to issuing the SID, the SID 
being protected from forgery. A content server initiates 
the authorization routine by redirecting the client's 
request to an authentication server which may be at a 
different host. Upon receiving a redirected request, the 
authentication server returns a response to interrogate the 
client and then issues an SID to a qualified client. For a 
new client, the authentication server may open a hew 
account and issue an SID thereafter. A valid SID typically 



WO 96/42041 



PCT/US96/07838 



-7- 

relative link points to a controlled page in a different 
protection domain, the SID is no longer valid, and the 
client is automatically redirected to forward the rewritten 
URL to the authentication server to update the SID. The 
5 updated or new SID provides access to the new domain if the 
user is qualified. 

The. user may also elect to traverse a link to a 
document : in a different path. This is called an "absolute 
link". In generating a new absolute link, the SID is 

10 overwritten by the browser. In the preferred embodiment, 
the content: server, in each serving of a controlled Web 
page within the domain, filters the page to include the 
current SID in each absolute URL on the page. Hence, when 
the user elects to traverse an absolute link, the browser 

15 is facilitated with an authenticated URL which is directed 
with its SID to a page in a different path. In another 
embodiment, the content server may forego the filtering 
proce. -.ire as above-described and redirect an absolute URL 
to the authentication server for an update. 

20 An absolute link may also be directed to a controlled 

file in a different domain. Again, such a request is 
redirected to the authentication server for processing of a 
new. SID. , An absolute link directed to an uncontrolled file 
is accorded an immediate access. 

25 In another embodiment, a server access control may be 

maintained by programming the client browser to store an 
SID or a similar tag for use in each URL call to that 
particular server.. This embodiment, however, requires a 
special browser which can handle such communications and is 

30 generally not suitable for the standard browser format 
common to the Web. 

Another aspect of the invention is to monitor the 
frequency and duration of. access to various pages both 
controlled and uncontrolled, a transaction log within a 
35 content server keeps a history of each client access to a 



WO 96/42041 



PCT/US96/07838 



-9- 

Detaile d -Description of the Invents hn 

Referring now to the drawings, Figure l is a graphical 
illustration of the Internet. The Internet 10 is a network 
of millions of interconnected computers 12 including 
5 systems owned by Internet providers 16 and information 
systems (BBS) 20 such as Compuserve or America Online. 
Individual or corporate users may establish connections to 
the Internet in several ways. A user on a home PC 14 may 
purchase an account through the Internet provider 16. 
10 Using a modem 22, the PC user can dial up the Internet 
provider to connect to a high speed modem 24 which, in 
turn, provides a full service connection to the Internet. 
A user 18 may also make a somewhat limited connection to 
the Internet through a BBS 20 that provides an Internet 
- connection to its customers. 

Figure 2 A is a flowchart detailing the preferred 
process of the present invention arid Figure 4 illustrates a 
sample Web page displayed at a client by a browser. The 
page includes text 404 which includes underlined link text 
>0 412. The title bar 4 08 arid URL bar 4 02 display the title 
and URL of the current web page, respectively. As shown in 
Figure 4, the title of the page is "Content Home Page" and 
the corresponding URL is "http: //content. com/homepage" . 
When a cursor 414 is positioned over link text 412b, the 
!5 page which would be retrieved by clicking a mouse is 

typically identified in a status bar 406 which shows the 
URL for that link. In this example the status bar 406 
shows that the URL for the pointed link 412b is directed to 
a page called "advertisement" in a commercial content 
0 server called "content". By clicking on the link text, the 
user causes the browser to generate a URL GET request at 
100 in Figur 2 A. The browser forwards the request to a 
content server 120 , which processes the request by first 
determining whether the requested page is a controlled 
5 document 102. If the request is directed to an 
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SID is no longer valid and, again, the user is redirected 
to the. authentication server 122. 

If. the request is for a controlled page within the 
current domain, the content server proceeds to log the 
request, URL, : tagged with SID, and the user IP address in 
the transaction log 108. The content server then 
validates the SID 110. Such validation includes the 
following list of checks: (1) the SID's digital signature 
is compared against the digital signature computed from the 
remaining items in the SID and the user IP address using 
the secret key shared by the authentication and content 
servers; (2) the domain field of the SID is checked to 
.verify that it is within the domain authorized; and (3) the 
EXP field of the SID is checked to verify i • at it is later 
15 than the current time. 

If the validation passes, the center.." server searches 
the page, to be forwarded for any absolute URL links 
contained therein 112, that is, any links directed to 
controlled documents in different content servers. The 
content server augments each absolu-e url with the current 
SID to facilitate authenticated accesses across multiple 
content servers . The requested page as processed is then 
transmitted to the client browser for display 117. The 
user, viewing the requested Web page may elect to traverse 
any link on that page to trigger the entire sequence again 
100..- .-• .. - 

Figure 2B describes the details of the authentication 
process. The content server may redirect the client to an 
authentication server. The REDIRECT URL might be: 
"http: //auth.com/authenticate?domain=[domain] &URL=http: // 
content.c m/reporf. That URL requests authentication and 
specifies the: domain and the initial URL. In response to 
the REDIRECT, the cli nt browser automatically sends a GET 
request with th provided url. 
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222 is transmitted to the client browser 100. if the user 
is qualified, the new user is sent a form page such as 
illustrated in Figure 5 to initiate a real-time on-line 
registration 224. The form may, for example, require 
5 personal information and credit references from the user. 
The browser is able to transmit the data entered by the 
user in : the blanks 502 as a "POST" message to the 
authentication server. A POST message causes form contents 
to be sent to the server in a data body other than as part 
10 of the URL. If the registration form filled out by the new 
user xo valid 226, an appropriate SID 'is- generated' 228. If 
the registration is not valid, access is again denied 222. 

An SID for an authorized user is appended ("tagged") 
230. to the original V ', -\: • v- . .., led . fe on 

15 the. content server. The authentication server then 

transmits a REDIRECT response 232 based on the tagged URL 
to the client browser 100. The modified URL, such as 
"http://content.com/ [SID] /report" is automatically 
forwarded to the content server 120. 
10 Figure 3, illustrates a typical client-server exchang • 

involving the access control and monitoring method of the 
present invention. In Step l, the client 50 running a 
browser -transmits a GET request through a network for an 
uncontrolled page (UCP) . For example, the user may request 
15 an advertisement page by transmitting a URL "http:// 
content . com/ advertisement" , where "content . com" is -the 
server name and "advertisement" is the uncontrolled page 
name. In Step 2, the content server 52 processes the GET 
request and transmits the requested page, "advertisement". 
0 The content server also logs the GET request in the 

transaction database 56 by recording the URL, the client IP 
address, and the current time. 

In Step 3/ the user on the client machine may elect to 
traverse a link in the advertisement page directed to a 
5 controlled page (CP) . For example, the advertisement page 
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the client, in Step 9, the tagged URL is automatically 
forwarded by the browser as a GET request to the content, 
server. The content server logs the GET request in the 
Transaction database 56 by recording the tagged URL, the 

5 client IP address, and the current time. In Step 10, the 
content server, upon. validating the SID, transmits the 
requested controlled page "report" for display' on the 

. , client browser. 

According to one aspect of the present invention, the 
10 content server periodically evaluates the record contained 
in the transaction log 56 to determine the frequency and 
duration of accesses to the associated content server. The 
server counts requests to particular pages exclusive of 
ated requests from a common client in order to 
:5. ae. ermine the merits of the information on diffe: ent pages 
for ratings purposes. By excluding repeated calls, the 
system avoids distortions by users attempting to "stuff the 
ballot box." In one embodiment, the time intervals 
between repeated requests by a .: ;.r. ' e measured 

0 to exclude those requests falling within derined period 
of time. 

--io.iaxj.y, Uie server- may, at any given tine, track 
access history within a client-server session. Such a 
history profile infc -ms the service provider about link 

5 transversal frequencies and link paths followed by users. 
This profile is. produced by filtering transaction logs from 
one. or more servers to select only transactions involving a 
particular user ID (UID) . Two subsequent entries, A and B, 
corresponding to requests from a given user in these logs 

0 represent -a link traversal from document A to document B 
made by the user in question. This information may be used 
to id ntify the m st popular . links to a specific page and 
to suggest where to insert new links t provide mor direct 
access. In another embodiment, the acc ss history is 

5 evaluated to determine traversed links leading to a 
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identification is most appropriately embedded in the 
session identifier described above. 

In another aspect of the invention, facilities are 
provided to allow users to utilize conventional telephone 
numbers or other identifiers to access merchant services. 
These merchant services can optionally be protected using 
SIDs. In a preferred embodiment, as shown in Figure 6, a 
Web browser. client 601 provides a "dial" command to accept 
a telephone number from a user, as by clicking on a "dial" 
icon and inputting the telephone number through the 
keyboard. The browser then constructs a URL of the form 
"http://directory.net/NUMBER", where NUMBER is the 
telephone number or other identifier specified by the user. 
The browser, then performs a GET of the document specified 
by this URL, and contacts directory server 602, sending the 
NUMBER requested - in Message 1. 



browser, client 601 uses a form page provided by directory 
server 601 that prompts for a telephone number or other 
iden—iier in place of a "dial" command, and Message l is a 
POST message to a URL specified by this form page. 

. Once NUMBER is received by directory server 601, the 
directory server uses database 604 to translate the NUMBER 
to a target URL that describes the merchant server and 
document that implements the service corresponding to 
NUMBER. This translation can ignore the punctuation of the 
number, therefore embedded parenthesis or dashes are not 
significant. 

In another embodiment an identifier other than a 
number may be provided. For example, a user may enter a 
company name or product name without exact spelling. In 
such a case a "soundex" or other phonetic mapping can be 
used to permit words that sound alike to map to th same 
target URL. Multiple identifiers can also be used, such as 
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would first authenticate the user as belonging to the gold 
users group, and then would provide access to the "priority 
gold- page. An unpublished "ambassador" number could be 
directed to a tagged URL that permits access to the 
"priority gold" page without user authentication. 

This invention has particular application to network 
sales systems such as presented in U.S. Patent Application 
Serial No. 08/328,133, filed October 24, 1994, by Payne 
et_al. which is incorporated herein by reference. 

Equivalents : 



ascf 



Those skilled in the art will know, or be able to 

; using no more ...an routine experimentation, many 
equivalents to the specific embodiments or the invention 
aesc-bed herein. These and all other equivalents are 
intended to be encom f red by the following claims. 
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/* 

* compute_ihash 

* • ■ 

* Compute the MD5 hash for the specified string, returning the hash as 

* a 32b xor of the 4 hash longwords. 
* 

* Results: 

* hash int . 
* 

* Side effects: 

* None . . 

★ . ^ 

*/ 

int cotnpute_ihash ( char *str) 

{ 

MD5_CTX md5, 
unsigned char hash [16] ; 
unsigned int *pl; 
unsigned int hashi = 0; 

MDSInit (&md5) ; 

MD5Update(&md5, str, strlen (str) ) ; 

MDSFinal (hash, &md5) ; 

pi - (unsigned int: *) hash;. 

has:. . ' - *pl++; 
hashi *pi++; 
hashi ~= *pl++; 
r . ■ hashi ; 

} 



* ticket. c . • • 
* 

* Commands for TICKET. 
* 

* Copyright 1995 by Open Market, Inc. 

* All rights reserved. 
* 

* This file contains pr prietary and confidential information and 

* remains the unpublished property of Open Market, Inc. Use, 

* disclosure, or reproduction is prohibited except as permitted by 

* express written license agreement with Open Market, Inc. 
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static char *GetAsciiDomain(char *domname, char *df It) ; 

static int computer_ihash(char *str) ; 

static char *computerHaeh{char *str) ; 

static char *Get Secret (int kid); 

static int GetKidByKeyID(char *keyID) ; 

static char *CreateSid(HTTP_Request *reqptr, int dom, int uid, int kid, 

int exp, int uctx) ; 
static void f reeTicketReqData (void *dataPtr) ; 
static void DumpStatus (HTTP_Request *reqPtr) ; 

static void TICKET^ DebugHooks (ClientData clientData, char * suffix. 

HTTP_Request *reqPtr) ; 
static int ParseSid(HTTP_Request *reqPtr) ; 
static int ParseTicket (HTTP_Request *reqPtr) ; 
static char *f ieldParse (char *str, char sep, char **endptr) ; 
void TICKET_ConfigCheck() ; 
void DumpRusage (HTTP_Request *reqPtr) ; 



/* 
* . 



* TICKET_RequireSidCmd 
* 

* Checks that the requested URL is authorized via SID to access "his 

* region. If the access is not authorized and we do not have a ••remote' 

* authentication server- registered, then an "unauthroized message" 

* is returned. If a "remote authentication server- has been 

* declared, we REDIRECT to t-hat server, passing the requeued '~7. , :.d 

* required domain's as. arc,, ...^ats. 



* Results: 

* Normal Tel result, or a REDIRECT request. 

★ 

* Side effects: 

* Either an "unauthorized access" message or a REDIRECT in case of 
error . 



*/ 

static int TICKET_RequireSidCrad (ClientData clientData, Tcl_Interp *interp, 

int argc, char **argv) 

if (TicketGlobalData(EnableSidEater) ) return TCL_OK/ 

return (ProcessRequires (clientData, interp.argc, argv, ticketsid) ) ,* 

/* 
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/• compare the requesting SID/Ticket<DOM> to authorized list of domains */ 
/* a match OR any valid domain and a required domain of Ticket FreeArea is 

su 

for {i = l; i < argc; i++) 
{ 

required_dom «= GetDomain(argvfi) -i) ; 
if (required_dom !» -1) 

( 

if (firstLegalDom — -i) f irstLegalDom * required_dom; 
if ( ( ticket Ptr->sidDom « required_doni) || 

( ticket Ptr->valid && (ticketPtr->sidDom !» -ij 

(requiredjiom TicketGlobalData (FreeArea) ) ) | j 
( (ticketPtr->ticketDom ««* required_dom) 
(time(O) <* ticketPtr->ticketExp) && 
( (DStringLength(&ticketPtr->ticketIP) o) |j 

(strcmp(DStringValue( t ticketPtr->ticketI?) ( DStringValue UreqPtr- 



) 

{ 

DStringFree (&targetUrl ) f 
rstrii , je (fcescapeUrl, , 
return TCL OK; 
} 



} 

) 



/* count th- r-^ber domain crossing that caused re-auth */ 

if ({flavor « (ticketPtr->sidDom) != -1) IncTicnetCounte Cou 

/* authorization failed, if this was a sid url, and local auth is enabled ♦/ 
/> or this was. an access to the free area */ 

/* insert a new sid in the url, and REDIRECT back to the client 8? 
if (TicketGlobalData (EnableLocalA\:th> ! ' 

({firstLegalDom •« TicketGlobalData (FreeArea) ) 

&& (flavor -= ticketSid) && (firstLegalDom »«= -l))) 

{ 

if ( (DStringLength(&reqPtr->url) != o) && 
(DStringValue(&reqPtr->url) [0] u '/')) 

{ 

HTTPJ2rror<reqPtr, NOTTOOND, -access denied due to poorly formed url"), 
DStringFree (fctargetUrl) ; 
DStringFree (fcescapeUrl) ; 
if OticketPtr->valid) 

DStringFree <&ticketPtr->sid) ; 
return TCL_RETORN; 
} 

NewSid « CreateSid(reqPtr, 
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DSt ringAppend ( AescapeUr 1 , » } « . x } . 
EscapeUrK&escapeUrl) * 

DStnngPree ( ttargetUrl ) ,« 

if (!ticketPtr->valid) 

DStringFree(&ticketPtr->sid) ; 
return TCL_RETORN- 

} . 

/* authorization failed, if this is a ticket » MM * 

/* reason and handl via a redirect to a haL, ' <** *' 

/* no access message ./ handler, or punt a V 

if ((flavor == tieketT-cket) « (f irst L e g alDo„, && (t . „ 

{ • 1) && <ticketPtr->ticketD 

/* check For IP address restrictions V 

if (<DStringLengthUticketPtr->ticket IP) ,_ 0 ) i& 

(DstringLength( t TicketGlobalData(TicketAdrHandler,, , „, 

(strcmp( DS tringVa : e ( & ticketPtr->ticketIP, n7, ' " 

{ r >tieteetIP) . DStr lilgVa lue UreqPtr- > reM 

D.9*-~- ' * j /,-♦_„ „ . 

trin, A p pend(&target:Ur: . &T3rl .„ i} '"^tPtr^fxeids), 

Z • r r APPend ( &t "Se tUr 1 . nstriag Value '( fcregPtr- >url ) , , 

IncTicketCoun t er(CountTicketAddr),. 

HI- Mirror (re-rv-.s . REDIRECT, nst-' , t . 
DStri ng F ree(ttar3etUr " -^-rgetU.l). 

return TCL_RETDRN; 

/* check for expired tick- 

if (time(0) > ticketPtr->^-v stE: ) 

nstringAppendC.targetUrl. .J^T™^**' 1 *'*-" 1 * 1 "*' ~» ' 
DStringAppend( & targetUrl, DStringValue Ure g Ptr->url, xl 
IncTicketCounterfCountExpiredTicket,,/* ' ' 

HTTP.ErrorCreqPtr. redirect, DStringValue UtargettTrl) > 
DStnngFxeeCttargetUrl) ; c «9ecurl)) ; 
return TCL_RETDRK- 
} 

} 
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/* no handler, punt a message */ 

HTTP Error (reqPtr, FORBIDDEN, -access denied by Require ticket/sid region 

CO 

IncTicke t Count er (CountNoRedirects) ; 
if ( ! ticketPtr- >valid) 
DStringFree ( tticketPtr- >sid) ; 
DStringFree (fctargetUrl) ; 
DStringFree (fcescapeUrl) ; 
return TCL_RETORN; 

} 

/* 

* — — ~ 

* Get (Ascii) Domain 

* These routine performs an ascii to binary domain name lookup, 

* indexed by 'key') from the server's domain name catalog. Name /number 

* pair's are loaded into the catalog at configuration time with the 

* with the "Domain" configuration command. The Ascii version returns 

* a pointer to a character string that represents the domain number. 

* The non Ascii version returns an integer representing the domain number. 
* 

* Results: 

* Integer value of domain. If no domain is available, returns deflt. 

* Side effects: 

* None . 



static int GetDomain (char *domname, int deflt) 
{ 

HashEntry *entryPtr; 
DString DomName ; 

DStringlnit (fcDomName) ; 

DStringAppend ( tDomName , domname , -1) ; 

strtolower (DStringValue (&DomName) ) ; 

entryPtr = FindHashEntry ( &TicketServerData . Domains , 
DStringValue (tDoiriName) ) ; 
DStringFree (fcDotnName) ; 
if (entryPtr « NULL) return deflt; 



SUBSTITUTE SHEET (RULE 26) 



WO 96/42041 „ 

PCT/US96/07838 

-29- 

return (int) GetHashValue (entryPtr) ; 
static char * GetAsciiDotnain (char -domname, char -deflt) 

HashEntry *entryPtr; 
static char buffer [64]; 
DString DomName; 

DStringlnit (&DomName) ; 
DStringAppend (DomName, domname, -i) ; 
strtolower(DStringValue(&DomName) ) ; ' 

entryPtr = FindHashEntry ( & TicketServerData . Domains 
DStringValue (fcDomKame) ) ; 
DStringFree(&DomName) ; 

if (entryPtr == NULL) return deflt; • ■ „ 

sprint f (buff r r »*d" (int) G^t-w ^ 

, line; GetH.. alue (entryPtr) ) ■ 

return buffer; 
} 



* 

* TXCK£T_InsertLocalSid 



if it does, and lt does not already contain a SID, insert en- - 

• :rrent recent included one. v...-, - . . - j-. rr ao 
for a match with and without th : , D rt specified 



* Results: 

* None . 



* Side effects: 

A sid may be inserted into the URL. 



void TlCKET.lnsertLocalSidtHTTP.Request -regPtr, DString -result) 



HTTP_Server *serverPtr ; 
TICKET_Request *ticketPtr; 
char tmp[32] ; 
DString pattern!; 
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DString pattern2 ; 

DString tmp_url; 

DString *hitPattern * NULL; 

ticketPtr « (TICKET_Request *) HTJSetReqExtData (reqPtr , 
TicketServerData . tic 

if (ticketPtr « NULL) return; 
serverPtr = reqPtr- >serverPtr ; 



DStringlnit (tpatternl) ; 
DStringlnit (&pattern2) ; 
DStringlnit (&tnrp_url) ; 



DStringAppend (fcpatterni, "http://", -i) ; 

DStringAppend Upatternl, DStringValue ( tserverPtr- >ser V erName) , -1) 
DStringAppend <&pattern2, DStringValue (&patternl) , 
sprintf (tmp, ":%d", serverPtroserver _port) ; 
DStringAppend Upatternl, tmp, -l) ; 

if ( (DStringLength (result) >= DStringLength ( tpatternl) ) && 
(strncasecmp (DStringValue Upatternl) , DStringValue (result) , 
DStringLengt hitPattern - tpatternl; 
else 

if ( (serverPTR-->serverj)ort == 80) 

(DStringLength (result) >= DStringLength (&pattern2) ) && 
(strncasecmp (DStringValue (&pattern2) , DStringValue (result) , 

DStringLength hitPattern + &pattern2; 

if (hitPattern ! = NULL) 
{ 

DStringAppend ( &tmp_url , DStringValue (hitPattern) , - 1 ; 
DStringAppend(tmp_url, DStringValue (& ticket Ptr- >s id) , -l) ; 
DStringAppend (&tmp url, &DS tringValue (result) 
[DStringLength (hitPattern) ] , 
DStringFree (result) ; 

DStringAppend (result, DStringValue ( &tmp_url ) , -l) : 
DStringFree (&tmp_url) ; 

} 



DStringFree (tpatternl) ; 
DStringFree <&pattern2) ; 
DStringFree (&tmp_url) ; 
} 
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CreateSid 



This routine takes the passed arguments and creates a sid. 



* Results : 

* A sid. 
* 

* Side effects : 



*/ 

char * CreateSid(HTTP_Request *reqPtr, int dom, int uid, int kid, int exp 
int uctx) 

{ 

inc bsid[3] «= {0,0,0}; 
char temp_str [512J ; 
DString hash; 
int act_hash; 
static char sid [64]; 
unsigned int expire^time; 
char *secrec; 

unsigned char *ecp; 
unsigned irt :da; 
int endian = l ; 

DStringlnit (&hash) ? 
expire_time otime(0)+ exp; 



put_sid (dom_lw, 
put_sid (uid_lw, 
put_sid (kid_lw, 
put_ sid (exp_lw. 



dom_pos , 
uid_pos , 
kid__pos , 
espj)os , 



(expire_time>>exp_shft_amt) ) 

put_sid (uctx_lw, uctx_pos , 

put__sid (rev_lw, revj>os , 

secret = GetSecret (kid) ; 
ASSERT (secret ! « NULL) ; 
DStringAppend ( frhash, secret , - 1) ; 



dom_mask, 
uid_mask, 
kid_mask , 
exp_mask , 



dom) 
uid) 
kid) 



uctx_mask, uctx) ; 
rev_mask, sid_rev_zero) ; 
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DStringAppend ( thash, DStringValue ( fcreqPtr- >remoteAddr ) , -1 ; 

sprintf (temp_str, w %08x%08x n , bsid [2] , bsid [l] ) ; 

DS tringAppend ( &hash , tempos tr , - 1 ) ; 

/* format of the hash string is %s%s%08x*0Sx n , 
secret, ip_addr, bsid [2 [,bsid[l 

hashP « DStringValue (thash) ; 

act_hash = compute_ihash (hashP) ; 

while (*hashP ! - 0) *hashP++ = 0; 

DStringFree (&hash) ; 
/* fix_endian(&act_hash, ecp, eda) ; */ 

.put_sid(sig_lw, sig_pos, sig_mask, act_hash) 

/* f ix_endian(&bsid[0] , ecp, eda); */ 
f ix_endian(&bsid[l] , ecp, eda); 
f ix_endian*&bsid[2] , ecp, eda) ; 

#if (1 == 0 

DumpSidO ; 
#endif 

cp = radix€4encode__noslash( (char *) bsid, 12); 
strcpy(sid, SID_j>refix) ; 
strcat(sid, cp) ; 
free (cp) ; 
return (sid) ; 

} 

/* 

+ _ - 

* compute_hash - - 
* 

* Compute the MD5 hash for the specified string, returning the hash 

* a 32 b xor of the 4 hash longwords. 
★ 

* Results : 
hash int. 

* 

* Side effects: 
None. 
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*/ 

static int compute_ihash (char *str) 

{ 

MD5_CTX md5; 
unsigned char hash[16] ; 
unsigned int *pl; 
unsigned int hashi = 0; 

MDInit (tmdS) ; 

MDUpdateUmdS, (unsigned char *) str, strlen(str)) 

MDFinal (hash, &md5) ; 

pi = (unsigned int *) hash; 

hashi = *pl++ ; 
hashi ~ = *pl++; 
hashi *pl+- . 
hashi *= *pl++ ; 
return hashi; 

} 



* computeHash - - 
* 

* Compute th« MD5 hash for n-r. - : rified string, returni: 

'- - ■ — i-il S ' . 

* Results: 

Pointer to static hssh -:*:rin^. 

* 

* Side Effects: 

* None . 

* 

static char * computeHash (char *str) 
{ 

int i; 

MD5_CTX md5; 
unsigned char hash [16} ; 
static char hashstr[33]; 
char *q; 
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MDSInit (&md5) ; 

MDBTJpdate (&md5, (unsigned char *) str, strlen(str) ) ; 
MD5 Fina 1 ( has h , &md5 ) ; 
q = hashstr; 
for(i=0; i<16; i++ { 

sprintf(q, "%02x M , hash[i] ) ; 

q 2; 

} 

*q = '\0' ; 
return hashstr; 

} 

/* 

* . 

★ 

+ TICKET_ParseTicket 

* Called by dorequest, before any region commands or mount handlers 
+ have run. We parse and handle incomeing sid's and tickets . 

* Results : 

* None . 
* 

* Side effects: 
+ 

* 

*/ 

int TICKET_ParseTicket (HTTP_Request *reqPtr) 
{ 

int status = HT_OK; 

IncTicket Counter { Count TotalUrl ) ; 

status « ParseSid (reqPtr) ; 

if (TicketGlobalData (EnableTicket) && (status «= HT_OK) ) status = 
Pars eTi eke return status; 

} 

/* 



* ParseSid -- 
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* Called by TICKET ParseTicket , before ■ 

* w ~ oeiore any region commands or mount han^i. 

* have run. Me parse and handle incoiReing sid , s mount handle 



* Results: 
** None . 

* Side effects: 



int ParseSid(HTTP_Request *reqPtr) 
{ 

TICKEKT__Re quest *ticketPtr ; 
HTTP_Server *serverPtr ; 
DString hash; 
Int i ; 

char *cp, * cp 1 ; ^ 

int *bsid=NULL, act_hash ; ■ -. 

unsigned int cur_tim, tdif, exp__tim ; 

char * sec ret; 

char temp_str [512] ; 

char *hashP; 

int sid_ok = 0; 

unsigned char *ecp; 

unsigned int eda; 

int endian = i ; 

int ipl,ip2, ip3, i P 4 ; 

/* fetch the server private ticket extension da^a */ * ' 

/• note that this sets up a default ticket block for both SID's and Ticket a 
serverPtr = reqPtr->serverPtr; Ticket a 

ticketPtr = (TICKET Request *) HT 6etR.«Pvfn a h a / 

ASSERT (ticketPtr J0L )f OT " GetRe ^ tData <~<^> TicketServerData . tic 

ticketPtr . (TICKET_Request • > Malloc (sizeof (TICKET Request) ) - 

HT AddReq E xtData(reqPtr, TicketServerData . ticket Ext ens ion Id, ^cketPtr free 

DStringInit(&ticketPtr->rawUrl) ; Ptr ' free 

DStringlnit(&ticketPtr->sid) ; 

DStringInit(&ticketPtr->fields) ; 

DStringInit(&TicketPtr->signature) ; 

DStringlnit (&TicketPtr->ticketIP) ; 

ticketPtr- >valid = 0; 

ticketPtr->sidDom » -i ; 

ticketPtr- >ticketDom = -l; 

ticketPtr- >ticketExp « -i ; 

ticketPtr- >uid « 0 
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TicketPtr->uctx = 0; 

sscanf (DStringValue (&reqPtr->remoteAddr) , — Vd. Vd . Vd.Vd", &ipi, & ip2. &ip3 & 
ticketPtr->uid = <<(ipl + ip 2 )«24) | ( (ip3 + i P 4) «16) | (rand ( ) ' & OxFFFF) ) ; ' 
ticketPtr- >uctx « 1; 

/* we are done if sxds are not enabled, or this url does not have a sid */ 

if ( ! (TicketGlobalData(EnableSid) ) ) return HT_OK; 

cpl = DStringValue UreqPtr- >url ; 

if (strstr(cpl, SID prefix) ! = cpl) 

return HTJDK; 
if (strlen(cpl) == sidLength) 

{ 

DStringAppend(&reqPtr->url, "/", -1) ; 
DStringAppend(&reqPtr->path, "/", -i) ; 
cpl = DStringValue (&reqPtr->url) ; 

) 

cp = strchr (cpl+sizeof (SID — pref ix) , ' /' ) - 
if ( (cp - cpl) != sidLength) 

return HT_OK ; 
IncTicketCounter (CountSidUrl) ; 

DStringlnit ( frhash) ; 

/* if sid eater is enabled, rewrite the url without the sid, and reprocess t 
if (TicketGlobalDat ( Enables idEater) ) 
{ 

DStringAppend(&hash, DStringValue ( &reqPtr->url ) , -1) ; 
DStringFree (reqPtr- >url ) ; 

DStringAppend(&reqPtr->url, DStringValue (&hash) fchash) +sidLength, -1) ; 
DStringTnmc (thash, 0); 

DStringAppend(&hash, DStringValue ( ireqPtr- . path) , -l) ; 
DStringFree (&reqPtr->path) ; 

DStringAppend(&reqPtr->path, DStringValue (fchash) +sidLength, -l) ; 
DStringFree (&hash) ; 

IncTicketCounter (CountDiscardedSidUrl) ; 
return HT__OK; 

} 

DStringAppend(&ticketPtr->sid, DStringValue <&reqPtr->url) , sidLength) ; 

/* first convert the SID back to binary*/ 
i = DStringLength(&ticketPtr->sid) -3 ; 

bsid » (int *) radix64decode_noslash(DStringValue(&ticketPtr->sid)+3, i, &i) 
iif {(bsid == NULL) || (i i+12)) goto rtn_exit; 

fix_endian<&bsid[0] , ecp, eda) 
f ix_endian(&bsid[l] , ecp, eda) 
f ix_endian(&bsid[2] , ecp, eda) 
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/* check the SID version field */ 

if <get_sid(rev_lw,rev_pos.rev_ma Sk , , . sid _ rev 2ero , 

x£ 9«t_.xd(r.rvl_ lw . r . rvl _ po .. r . rvl _ 11Mk) , = „" / ^- b * d ' 

xf (g.t..xd ( „rv a> , r<rvajpo . irirvJ _ BiBk) !+ 0) goto sid _ b -^' 

/• Get a pointer to the secret */ 

secret = GetSecret (get_sid (kid_lw, kid_p OS . kid_n,ask) ) ; 
if (secret == NULL) goto sid_bad; 

/* hash the sid and check the signature-/ 
DStringAppend(&hash, secret. -1) ; 

DStringAppend^ash, DStringValue < & reqPtr->remoteAddr) -i). 

spnntf (temp_str, «%08x%08x". bsid [2] . bsid [1] ) ; 

dstringAppend(&hash, temp_str, -l) ; 

/* format of the hash scrino is %s%s%0S> vn«y .. „ 

.s.s.08>.,CBx , secret, ip_addr.bsid[2.j'.bsidll 

act_hash = compute_ihash (hashP) ; 
while (*hashP != 0) *hashP=- 0; 
fix_endian(&act_hash, ecp, eda) ; 

if (act_hash 1 = get_sid(sig_l„,6ig_pos, S i g _ lnasJO) goto sid _ bad; 

/* is is ok. may be expired, but good enough to id user ./ 
ticketPtr->uiid = get_sid(uid_llw.uid _pos, uid_mask) 
t iC ketPtr->uctx = get_ S id(uctx_lw,uctx_pos,uctx_ m a S k); 

/* do the SID experation processing*/ 
cur_tim = (time(0)»exp_shft_amt) * exp_mask; 
exp P _tim = get_sid(exp_lw,exp_pos,exp_mask); 
tdif = (exp_tim - cur_tim) & Oxffff ,- 
if (tdif > 0X7fff) 
{ 

IncTicketCounter (countExpSid) ; 
goto sid_exp; 

} 

/* sid is fine, save the sid state, update the url's •/ 
txcketPtr->sidDom = get.sid (dom_lw. don,_pos, don, mask); 

ticketPtr->valid *= l ; 
sid_ok = 1; 

IncTicketCounter (CountValidSid) ; 
sid_bad: 

if <!<sid_ok)) IncTicketCoiinter(CountlnvalidSid); 
sid_exp: 

DStringAppendttticketPtr^rawDrl, DStringValue (treqPtr- > P ath, , -i) , 
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DStringTrunc (&reqPtr->path, 0) ; 

DStringAppend ( fcreqPtr- >path, DStringValue ( tticketPtr- >rawUrl ) + sidLe n g th , - a 
DStringTrunc (tticketPtr- >rawUrl, 0) ; 

DStringAppend UticketPtr- >rawUrl , DStringValue <&reqPtr- >url) , -1) ; 
DStringTrunc (&reqPtr->url , 0) ; 

DStringAppend < & reqPtr->url, DStringValue < & ticketPtr->ravOrl) .sidLength, -i) . 

rtn__exit : 

DStringFree ( fchash) ; 

if (bsid != NULL) free(bsid); 

return HT_OK; 

} 



* f reeTicketReqData 
* 

* This routine frees the storage used by ticket specific request 

* data. 
* 

* Results : 

* None . 
* 

* Side effects: 

* Memory freed. 



;tatic void f reeTicketReqData (void *dataPtr) 
{ 

TICKET_Request *ticketPtr - dataPtr; 
DStringFree (it icketPtr- >rawUrl ) ; 
DStringFree (fcticketPtr- >sid) ; 
DStringFree UticketPtr- >f ields) ; 
DStringFree (&t icketPtr -signature) ; 
DStringFree (&ticketPtr->ticketIP) ; 
free(ticketPtr) ; 
} 

/* 



* GetSecret 
* 

* Given a binary keylD, returns an ascii secret from the 
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* secrets store. 

* for untranslatable names, return NULL. 

* Results: 

"I've got a secret, now you do too- 

* Side effects: 



*/ --- 

char *GetSecret(int kid) 
{ 

HashEntry "entryPtr; 

entryPtr + FindHashEntry ( . , e rv»rDat a c 

if (entryPtr ==NULL) returnNULL : erV ^ Data SeCretSKld - '-id •) k id, ; ,. 



urn NULL; 

.turn nstring;.- (D s tr - :nff MGetHashValue ( entr yp trJ , ; 



* GetKidByKeylD 

* Given an ascii Key i D return the binary Key id 
for untranslatable names, return -i. 

* 

* Results: 

■I've got a secret, now you do too- 

* 

* Side effects: 



int GetKidByKeylD (char *)ceyID) 
HashEntry *entryPtr ; 



return (int) GetHashValue (entryPtr) ; 
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* fieldParse 



* Given a string, a separator character, extracts a field up to the 

* separator into the result string. 

* Does substitution on '*XX' sequences, and returns the pointer to the 

* character beyond last character in '*endptr'. 
* 

* Results : 

* Returns a malloc'ed string (caller must free), or NULL if an 

* error occurred during processing (such as an invalid '%* sequence). 
* 

* Side effects: 

* None . 



*/ 

#define SIZE_INC 200 

statiic char *f ieldParse (char *str, char sep, char **endptr) 
{ 

char buf [3] ; 
char c ; 

char *end, *data, *p; 
int maxlen, len; 



len = 0; 

maxlen = SIZE_ INC; 

p = data = ma Hoc (maxlen) ; 



/* 

* Loop through string, until end of string or sep character. 
*/ 

while (*str && *str != sep) { 



if (*str *= '*') { 

if ( ! isxdigit (str( [1] ) 
free (data) ; 
return NULL; 

} 

buf [0] « str [1] ; 
buf [1] - str [2) ; 
buf [2] o '\0' ; 
c = strtoKbuf, &end, 
str f- 3; 



| | ! isxdigit (str 12] ) ) { 



16) ; 
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} else if (*etr == ' +' ) { 

c = ' - ; 

str++ ; 
} else 

C o *str++ ; 

*p++ = c; 
len++; 

if (len >= maxlen) { 
maxlen += SIZE_INC; 
data - real loc (data, maxlen); 
p = data + len; 

} 



*endptr = str; 
return data; 

} 

/* 



DomainNameCmd -- 



^ this routine, builds the ascii domain name 

- sltaTH ^ maPing StrUCtUre f ° r 3 

Syntax is uo,-.axn number namel name 2 name3 ,me...name last 

At least one name i s required. The number is decimal"^ 

can be any value except -! is reS erved as a marker 

tor untranslatable names. 



Results : 
None . 



Side effects ; 

Commands are validate, and entries added to the map 



*/ 

static int Domain N ameCmd(ci ie ntDa ta clientData. Tcl_mterp -interp, 
^ int argc, char **argv) 

int new,i ; 

HashEntry *entryPtr; 
int DocnNumber ; 
DString DomName; 
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if (argc <3) 
{ 

Tcl_^pendResult (interp, argv[0], « directive: wrong number of " 
"arguments, should be \"3\"", 
(char *) NULL) ; 
return TCL_ERROR; 
} 

DStringlnit (&DomName) ; 

if ( ( (sscanf (argvflj , "Vd", &DomNumber) ! = 1 || (DomNumber == -1))) 

Tcl_AppendResult (interp, argv[0] , ■ directive: n , 

"Domain number must be an integer, and not equal to 
", value found was ",argvfl], 
(char *) MULL) ; 

return to TCL_ERROR; 

} 

for (i = 2; i < argc; i++) 
{ 

DS tringFree (&DomNarae) ; 
DStringAppendC&DomName, argv[i] , -1) ; 
strtolower (DString Value (&DomName) ) ; 

entryPtr = CreateHashEntry < &TicketServerData . Domains , DStringValue 

( &DomNam 
if (new == o) 
{ 

Tcl_AppendResult (interp, argv(0J ( - directive: 

"Duplicate domain name specified, ' argv[i] , 99 9 , 

(char *) NULL) ; 
return TCL_ERROR ; 
} 

SetHashValue (entryPtr, DomNumber) ; 
} 

DStringFree (&DomName) ; 
return TCL_OK; 

} 



* SecretsQnd 

* A call to this routine, builds kid to secrets table 
* 

* Results : 
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* None . 

- * 

* Side effects: 

* Secrete are stored. 



*/ 

static int SecretsCmdfClientData clientDate, Tcl_interp -interp, 
int argc, char **argv) 

int newKid,newKeylD; 

HashEntry -entryPtrKid = NOLL, -entryPtrKeylD = NULL • 

int Kid; ' 

DString *dsptrKid; 

if (argc ! =4) 
{ 

Tci_AppendResult(interp, argv[0]. « directive: wrong number of » 

"arguments, should be \ t, 4\ M « ( 

(char *) NULL) ; 
return TCL_ERROR; 
} 

if (sscanf (argv[2] , **d", &Kid) * = i) 

{ 

Tcl_AppendResult (interp, argvfo], 

" directive: KeylD must be an integer", 
* value found was ' '\ argv[2] , 

(char *) NULL) ; 
return TCL_ERROR; 
} 

entryPtrKid = CreateHashEntry (WicketServerData Seer-* - : , v„ 

if (strlen(argv[l] ) ) ' ' } id ' to 

entryPtrKeylD - CreateHashEntry (&Tic)cetServerData . KeylD, (void *) argvfi] 
xf ((newKid « o || UnevKeylD „ o) && strlen (argv t i, n ) 

Tcl_AppendResult (interp, argv[0] , 

- directive: Duplicate Secret specified for KeylD <• 
argv[i], 

(char *) NULL) ; 

return TCL_ERROR; 

} 

if (strlen (argv [l J ) ) 
{ 

dsptrKid - (DString *) malloc (sizeof (DString) ) ; 
DStringlnit (dsptrKid) ; 
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DStringAppend(dsptrKid, argv[3], -1) ; 

SetHashValue (entryPtrKid, dsptrKid) ; 
} 

SetHashValue (entryPtrKeylD, Kid) ; 

return TCL_OK; 

} 



/- 



* TICKET Initialize 



Calls all the necessary routines to initialize the ticket subsystem. 



* Results: 

* None . 
* 

* Side effects: 

* Commands added to the region interpreter. 

* SID «/@@- url catcher declared. 



int TICKET_Initialize<HTTP_Server fcserverPtr, Tel Interp * intern) 
{ 

TicketServerData.ticketExtensionld = HT_Regi sterExt ens ion (server Ptr, 
"ticket 

InitHashTable ( &Ti eke tServerDat a. Secrets Kid, TCL_ONE_WORD_KEYS ) ; 
InitHashTable UTicketServerdata. KeyiD, TCL__STRING_KEYS) ; 
InitHashTable UTicketServerData. Domains, TCL_STRING KEYS) ; 

/* initialize Server ticket data */ 
DStringlnit <&TicketGlobalData (AuthServer) ) ; 
DStringlnit UTicketGlobalData (TicketExpHandler) ) ; 
DStringlnit ( &TicketGlobalData (TicketAdrHandler) ) ; 
TicketGlobalData(FreeArea) . o ; 

TicketGlobalData(EnablelocalAuth) = o ; 

TicketGlobalData(CurrentSecret) = o ; 

TicketGlobalData(EnableSid) = 0; 

TicketGlobalData(EnableTicket) « 0; 

TicketGlobalData(EnableSidEater) = o ; 

TicketGlobalData(LocalAuthExp) . 60*30; 

/* ticket event counters */ 
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TicketGlobalData (CountTotalUrl ) 
TicketGlobalData (CountSidUrl) 
TicketGlobalData (CountValidSid) 
TicketGlobalData (CountExpSid) 
TicketGlobalData (Count Invalids id) 
TicketGlobalData ( Count CrossDomain) 
TicketGlobalData (CountLocal redirects) 
TicketGlobalData (CountRemoteRedirects) 
TicketGlobalData (CountNoRedirects) 
TicketGlobalData < Count Di s cardedS i dUr 1 ) 



= 0 
= 0 

- 0 

"* 0 

= 0 

«= 0 

= 0 

= o 

- 0 

= 0 



DomainNameCmd , 



SecretsCmd, 



/* Ticket related Config commands */ 
Tcl^CreateCommandfinterp, "Domain- , 

(ClientData) serverPtr, NULL) ; 
Tcl_CreateCommand(interp, "Secrets", 

(ClientData) serverPtr, NULL) - 
Xcl.CreaceComn-ruKinterp. -Au=nenticationServ er » . CmdStringVaiue 

(Cl.entData) TicketGlobalData (AuthServer) . NULL) • 
Tel createcommanddnterp. "TicketExpirationHandler- . CmdStringValue 
(ClxentData) TicketGlobalData (TicketExpHandler, . null, m "W lv *.- 
Tel createcommanddnterp. -TicketAddressHandler- . CmdString Value 
(ClxentData) TicketGlobalData (TicketAdrHandler, . NULL) • ' 
Tcl_Creat e Command(interp, -FreeDomain- . Cmdln-V- • ' 

(ClientData) TicketGlobalData (FreeArea) , NULL)- 
Tel CrwteeoaadUnterp, -Snabl.sidE.ter-. CmdlntValue 

(ClientData) TicketGlobalData (EnableSidEater) . NOLL) • 
Tc LCreateCommanddnterp. "EnableSid-, CmdlntValue 

(ClxentData) TicketGlobalData (EnableSid) , NULL) • 
Tel C re ateCo mm and(interp, -EnableTi,ket- . CmdlntValue 

(ClxentData) TicketGlobalData (EnableTicket) . NULL) ■ 
Tel createconunanddnterp. -EnableLocalAuth- . CmdlntValue 

(ClxentData) TicketGlobalData (EnableLocalAuth). NULL)- ' 
Tel CreateCononandUnterp. "CurrentSecret-, CmdmtValue 

(ClxentData) TicketGlobalData (CurrentSecret) . NULL) • 
Tel Createco^andliaterp, -LocalAuthExp- , CmdlntValue 

(ClxentData) TicketGlobalData (LocalAuthExp) . NULL,- 



HT_AddMounthandler (serverPtr , (ClientDat 
"/omieerver", NULL) ; 



a) NULL, TICKET_DebugHooks, 



return HT_OK ; 
) 



SUBSTITUTE SHEET (RULE 26) 



WO 96/42041 



PCT/US96/07838 



-46- 

* TICKET_Shutdown 
* 

* Calls all the necessary routines to shutdown the ticket subsystem. 

* Results: 

* None . 

* Side effects: 

* Memory freed 



void TICKET_Shutdown (HTTP_Server *serverPtr) 

{ 

HashEntry *entryPtr; 
HashSearch search ; 
DString * dstring; 

DStringFree(&TicketGlobalData(AuthServer) ) ; 
DStringFreeUTicketGlobalData(TicketExpHandler) ) ; 
DStringFree(&TicketGlobalData(TicketAdrHandler) ) ; 

entryPtr = FirstHashEntry (&TicketServerData .SecretsKid, Search) ; 
while (entryPtr ! = NULL) 

{ 

dstring - GetHashValue (entryPtr) 
DStringFree (dstring) ; 
free (dstring) 

entryPtr = NextHashEntry&search) ; 
} 

DeleteHashTable < &TicketServerData . SecretsKid) 
DeleteHashtable (tTicketServerData .KeylD) ; 
DeleteHashTable ( &Ti eke tServerData .Domains) ; 
} 



* TICKET_AddRegion Commands 

* Add TICKET region commands for authentication/authorization 
decisions . 

* Results : 

None . 
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Side effects; 

Commands added to the region interpreter. 



void TICKET.AddRegion Commands (HTTP.Reguest -reqPtr, Tcl_mterp -interp) 

Tcl_CreateConimand<interp, "RequireSID" , TICKET_RequireSidCmd, 

(ClientData) reqPtr, NULL) • 
Tcl.CreateConunaadCinterp. -RequireTicket- . TICKET.RequireTicketCtnd. 
^ (ClientData) reqPtr, NULL) ; 



* TICKET_GetCGIVariables -- 
* 

* Add TICKET CGI variables to the CGI variable table. 

* Results : 

None . 

* Side effects.* 

Extends the CGI variable hash table. 



void TICKET GetCGIVariables (HTTP_Request *reg) 

{ 

TICKET_Request 'ticketPtr « (TICKET_Request *) 
HT_GetReqExtData (req . Tickets 



return 

*/ 



* If there's no extension data, then we're not- _ ■ i 

' tlien we re not doxng a ticket. Just 



if (ticketPtr == NULL) 
return) \; 



SUBSTTTUTE SHEET (RULE 26) 



WO 96/42041 



PCT/US96/07838 



-48- 

if (DStringLength(&ticketPtr->ravUrl) i = o) 

HT_AddCGIParameter(req, n TICKET__URL n , DStringValue <&ticketPtr- 
>rawUrl) , FA 

if (DStringLength (&ticketPtr->sid) ! « o) 

HT_AddCGIParameter(req, -TICKET_SID" , DStringValue UticketPtr- 
>sid) , FALSE 

if (DStringLength (&ticketPtr->fields) != o) 

HT_AddCGIParameter(req, "TICKET_FIELDS " , DStringValue (&ti eke tPtr- 

>f ields) . 

if (DStringLength (&ticketPtr->signature) .»= 0) 

HT-AddCGIParameter(req, "TICKET_SIGNATURE" . DStringValue ( tticketPtr- 

>signa 

}/* 

* 

* 

*TICKET_GetUrl 
★ 

Return the orignal url (with sid) 

* 

* Results : 

* The URL . 
* 

* Side effects : 

None . 



char * TICKET_GetUrl (HTTP_Request *reqPtr) 

{ 

T I CKET_Re que s t * ticketPtr; 

ticketPtr = (TICKET_Request *) 

HT_GetReqExtData(reqPtr, TicketServerData . ticketExtensionld) ; 
if {(ticketPtr !» NULL) && 

(DStringLength (&ticketPtr->rawUrl) !* 0) ) 
return DStringValue (&ticketPtr->rawUrl) ; 

else 

return DStringValue (&reqPtr->url) ; 

) 



* 

* TICKET_Conf igCheck 

* Perform late configuration checks 
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* 

* Results : 



Side effects : 

Possible message loged/printed, and program exit'd. 



* r 

*/ " 
void TICKET_Conf igCheck < ) 
{ 

HashEntry *entryPtr; 
int kid; 

if ( (TicketGlobalData (EnableSid) & -Oxl ) ' = 0) 
{ 

LogMessage (LOG_ERR, "Enable. Ti™ • — ■ • o or i")- 
exit (0) ; 

) 

if ( ! (TicketGlobalData (EnableSid) ) ) return; 

kid - TicketGlobalData (Current Sec ret) ; 
if (kid && >:id_mask) ! --- kid) 
{ 

LogMessage (LOG- ERR; "Cur rent Sec ret %d is invalid", kid) ; 
exit (0) ; 

} 

entiy?tr = FindHashEntry ( * icketServe. _ :a . SecretsKid , (void *) kid) ,- 

if(entryPtr = » NULL) 
{ 

LogMessage (LOG_ERR) , -No secret defined for CurrentSecret %d», kid; 
exit (0) ; 

if ( (TicketGlobalData (FreeArea) & -0x255) •= 0) 
{ 

LogMessage (LOG_ERR, "FreeArea must be between 0 and 255"); 
exit(0); 



if ( (TicketGlobalData (EnableSidTicket) & -0x1) »= o) 
{ 

LogMessage (LOG_ERR, "EnableSidTicket must be 0 or 1"); 

exit (0); 

} 
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if ( (TicketGlobalData (EnableTicket) & -0x1) ■-■(>)• 
{ 

LogMessage (LOG_ERR, "EnableTicket must be 0 or 1"); 
exit (0) ; 

} 

if ( (TicketGlobalData (EnableLocalAuth) & -0x1) '= o) 

{ 

LogMessage(LOG_ERR, "Enabl Local Auth must be 0 or 1"); 
exit (0); 



* TICKET_DebugHooks 
* 

* Check for debug hooks and execute if found. 
* 

* Results : 

* None . 
* 

* Side Effects: 

* None . 



*/ 

tatic void TI CKET_DebugHooks (ClientData clientData, char -suffix, 

HTTP_Reque s t p reqP t r ) 

{ 

if (strcmp (suffix, "/ticketstatus" ) == 0) 
{ 

DumpS tatus (reqPtr) ; 
HT_FinishRequest (reqPtr) ; 
return; 

) 

HTTP_Error (reqPtr, NOT_FOOND, -access denied due to poorly formed url") 
HT_FinishRequest (reqPtr) ; 
return ; 

} 

/* 



* DumpStatus — 

* Dump the server's ticket stat' 
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* Results: 

* None . 
* 

* Side effects: 

* None . 



*/ """" 

^define BUFSIZE 1024 

static void Dumps ta tus (HTTP_Request *regPtr) 

HTTP_Server *serverPtr = reqPtr- >serverPtr ; 
char fcmp [BUFSI2E] , timeStr [BUFSIZE] ; 
struct utsname sysinfo; 
time_t uptime ; 
int hours; 

HTTP_beginHeader (reqPtr, "200 OK); 

HTTP_SendHeader(r eg Ptr. - Content - type : text/html". NULL). 
HTTP_EndHeader (reqPtr) ; 

HTTP_ Se nd(reqPtr. »< ti tle>KobServer Ticket Status</title>" , 

»<hl>WebServer Ticket Status</fal> : , NULL) ; 

HTTP_Send(re g Ptr, »<pxhr»<p>< h2>Ticket Log</h2> „, - <p><pre> , n „ . ^ . 

-printf<tmp, » <b>Vs: </b> . : . n ., , Number of acceas „ . 

HTTP_Send (reqPtr, tr. ? . NULL); ' Tlcket 

sprintf (tmp, » <b>%s: </b> Vd\n", "Number of SID URL's - Ticket 

HTTP_Send(regPtr. tmp. NULL) ; . ' Tl ° ket 

sprintf (tmp, - <b>%S: </b> ^ , _ Qf _ 

HTTP) Send (reqPtr, tmp. NULL) ; ' ilck:et 

sprintf (tmp, - <b>iS: </b> *d\n= , -Number of Expired SID' s - T i ck ^ 

HTTP) Send (reqPtr, tmp, NULL) ; ' ' Tlcket 

sprintf (tmp, - <b>%S: </b> vdNn:> „ Number of Invali(JsiD , s „ 

.TIT, Send (reqPtr, tmp, NULL); ' Tlcket 

sprintf (tmp, - <b>%S: </b> %dNn:> of ^ 

HTTP) Send (reqPtr, tmp, NULL) ; . Ticket 

sprintf (tmp, - <b>%S: </b> %dNn; Redirect8 . _. . fc 

HTTP ) Send ( reqPtr , tmp, NULL); ' TlCket 

sprintf (tmp. - <b>%S: </b> %dNn:i . Number Qf Redirects . „. fc 

HTTP ) Send ( reqPtr , tmp, NULL) ; eairects , Ticket 

sprintf (tmp, . <b>%S: </b> %dNn:> -Number of No Auth servers Ticket 
HTTP_Send (reqPtr. tmp, «</pre>», NULL) ; 

uptime o time (NULL) = eerverPtr->started; 
uname Usysinf o) ,- 
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strif time (timeStr, BUFSIZE , "*A, %d-%b-Vy VT" , 
localtime ( serverPtr- >started) ) ; 

springf (tmp, "Server runing on <d>*s</b> (*s Vs) port *d, has been up 
since *s.<p>", sysinf o.nodename, sysinf o . sysname, 
sysinf o. release, serverPtr- >serverjport , timeStr) ; 
HTTP_Send ( r eqP t r , tmp , NULL ) ; 

sprintf (tmp, " <b>Number of connections: 

serverPtr- >numConnects) ; 
HTTP_Send( reqPtr, tmp, "<pxpre>\n", tmp, NULL) ; 
sprintf (tmp, M <b>Number of HTTP requests; 
HTTP_Send< reqPtr, tmp, "</pre><p>" f NULL) ; 

hours « max (uptime / 3600, 1) ; 
sprintf (tmp, "This server is averaging <b>Vd</b> requests per hour.<p>«, 

serverPtr- >numRequests /hours) ; 
HTTP_Send ( reqPtr , tmp . NULL) ; 

DumpRusage (reqPtr) 
/* DurapConnections (reqPtr) ; */ 

DNS_DumpStats (reqPtr) ; 

HTTP_Send (reqPtr, - <pxhrxaddress>" , DStringValue (&ht_serverSof tware) , 
M </address>\n", NULL) ; 

reqPtr- >done = TRUE; 

} 

#undef BUFSIZE 



</b> *d\n", 



</b> *d\n". 
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CLAIMS 

What is claimed is: 

1. A method of processing service requests from a client 
to a server system through a network comprising: 

5 forwarding a service request from the client to 

the server system; 

returning a session identifier from the server 
system to the client; and 

appending the session identifier to the request 
10 and subsequent service requests from the client to the 

server system within a session of requests. 

2. A method as claimed in Claim 1 wherein the server 
system tracks an access Vi story of sequences of 
service requests within the session of requests. 

15 3. A method as claimed in Claim 2 wherein the server 

system tracks the access history to determine service 
requests leading to a purchase made within the session 
of requests. 

4. A method as claimed in Claim 1 wherein the server 
20 system counts requests to particular services 

exclusive of repeated requests from a common client. 

5. A method as claimed in Claim 1 wherein the server 
system maintains a database relating customer 
information to access patterns, the information 

25 including customer demographics. 



SUBSTITUTE SHEET (RULE 26) 



WO 96/42041 



54 



PCT/US96/07838 



A method as claimed in Claim 1 wherein the server 
system subjects the client to an authorization routine 
prior to issuing the session identifier and the 
session identifier is protected from forgery. 

A method as claimed in Claim 6 wherein the server 
system comprises plural servers including an 
authentication server which provides session 
identifiers for service requests to multiple servers. 

A method as claimed in Claim 7 wherein: 

a client directs a service request to a first 
server which is to provide the requested service; 

the first server checks the service request for a 
session identifier and only services a service request 
having a valid session identifier, and where the 
service request has no valid identifier: 

the first server redirects the service 
request from the client to the authorization server; 

the authorization server subjects the client 
to the authorization routine and issues the session 
identifier to be appended to the service request to 
the first server; 

the client forwards the service request 
appended with the session identifier to the first 
server ; and 

the first server recognizes the session 
identifier and services the service request to the 
client; and 

the client appends the session identifier to 
subsequent service requests to the server system and 
is serviced without further authorization. 

A method as claimed in Claims 1 or 7 wherein the 
session identifier includes a user identifier. 
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10. A method as claimed in Claims i or 7 wherein the 

session identifier includes an expiration time for the 



session. 



10 



11. A method as claimed in claim 7 wherein the session 
identifier provides access to a protected domain to 
which the session has access authorization. 

12. A method as claimed in Claim n wherein the session 
identifier is modified for access to a different 
protected domain. 

13. A method as claimed in Claim 7 wherein the session 
identifier provides * key identifier for key 
management. 



14 



15 



15 



20 



16. 



25 



em. 



A method as claimed in Claims 1 or 7 wherein the 
server syste records information from the session 
identifier in a transaction log in the server syst 

A metiiou as claimed in Claims 1 or 7 wherein 
communications between the cliert and server system 
are according to hypertext tran. er protocol and the 
session identifier is appended as part of a path name 
m a uniform resource locator. 

A method as claimed in Claim is wherein the client 
modifies the path name of a current uniform resource 
locator using relative addressing and retains the 
session identifier portion of the path name unmodified 
for successive requests in the session. 
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17. A method as claimed in Claim 1 or 7 further comprising 
excluding requests made to information from the client 
within a defined period of time. 

18. A method of processing service requests from a client 
to a server system through a network comprising: 

responding to a request for a document received 
from the client through the network; 

appending a session identifier, which includes a 
user identification, to the request; and 

returning the requested document wherein the 
document is customized for a particular user based on 
the user identification of the session identifier. 

19. A method of processing service request for a document 
received from a client through network in which the 
document has been purchased by a user comprising: 

responding to a request for a document received 
from a client through the network in which the 
document has been purchased by the user; 

appending an authorization identifier to the 
request; and 

returning the requested document if the 
authorization identifier indicates that the user is 
authorized to access the document. 

20. A method as claimed in Claim 19, wherein the 
authorization identifier is encoded within a session 
identifier which is appended to the request. . 

21. A method of processing service requests from a client 
to a server system through a network comprising: 

responding to a request for a document received 
from a client through the network; 

appending a user identifier to the request; 
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returning the requested document to the client, 

and; 

charging the user identified in the identifier 
for access to the document. 

2. A method as claimed in Claim 21, wherein a user 
identifier is encoded within a session identifier 
which is appended to the request. 

3. A method of processing service requests from a client 
to a server system through a network comprising: 

forwarding a service request from the client to 
the server system; and 

?.DOPr.ding a session identifier to the request and 
subsequent service requests from the client to the 
server system within a session of requests. 

4. An information system on a network comprising: 

means for receiving service requests from clients 
and for . • :^ nher - su: • i^c j., _ ....t includes 

<~ session identifier; 

means for providing the session identifier in 
response to an initial service request in a session of 
requests ; and 

means for servicing service requests from a 
client which include the session identifier, the 
subsequent service request being processed in the 
session. 

5. An information system as claimed in Claim 24 wherein 
the means for providing the session identifier is in a 
server system which services the requests. 

6. An information system as claimed in Claim 23 further 
comprising an authorization routine for authorizing 
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the client prior to issuing the session identifier and 
means for protecting the session identifier from 
forgery. 

27. An information system as claimed in Claim 24 further 

5 comprising a transaction log for recording information 

from the session identifier. 

28. An information system as claimed in Claim 24 further 
comprising means for tracking access history of 
sequences of service requests within the session. 

lO 29. An information system as claimed in Claim 24 further 
comprising means for counting requests to particular 
services exclusive of repeated requests from a common 
client. 



15 



20 



25 



30. An information system as claimed in Claim 24 further 
comprising a database relating customer information to 
access patterns, the information including customer 
demographics . 

31. An information system as claimed in Claim 25 wherein 
communications between the client and server system 
are according to hypertext transfer protocol and the 
session identifier is appended as part of a path name 
in a uniform resource locator. 

32. An information server on a network comprising: 

means for responding to requests for hypertext 
pages received from a client through the network by 
returning the requested hypertext pages to the client; 

means for responding to further requests derived 
from links in the hypertext pages; and 
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means for tracking the further requests derived 
from a particular hypertext page. 

33. An information server as claimed in claim 32 wherein 
the requests include a conunon session identifier and 
the server tracks requests within a session of 
requests . 

14. An information server as claimed in Claim 32 further 
comprising a data base relating customer demographics 
to access patterns. P 

5. A method of providina access 

g access to information pages from 
server sys^ through a network 

comprising: 

providing a telephone number at the client- 

mapping the telephone number to a target page 
identifier using a translation database; 

requesting information described by the page 
identifier from the server system; an- 

displaying a page identified by the page 
identifier at the client. 

' a ZlTt V Pr ° Vidi " 9 aCCMS ^ in£ °™»«»" PW* f«» 
client to a server syste. through a network 

comprising : 

providing a descriptor at the client- 
napping the descriptor to a target page 

identifier using a translation database- 

requesting at the client information described by 

the page identifier from the server system without 

further user action; and 

displaying a page identified by the page 
identifier at the client. 
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7. A method as claimed in Claims 35 or 36 wherein the 
translation database resides in the server system 
which returns a uniform resource loctor in a REDIRECT 
command to the client to cause the client to request 
the information using the uniform resource locator. 

8. A method as claimed in Claim 36 wherein the descriptor 
comprises a telephone number. 

9. A method as claimed 'in Claim 36 wherein the descriptor 
comprises a descriptive term. 

o. A method as claimed in Claim 39 wherein the term 
includes a company name. 

. A method as claimed in Claim 39 wherein the term 
includes a product name. 

A method as claimed in Claim 39 wherein the term is 
identified by phonetic mapping. 

A method as claimed in Claims 35 or 38 wherein the 
target page identifier describes a controlled page. 

A method as claimed in Claims 35 or 3 6 wherein the 
target page identifier is a uniform resource locator. 
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